Some of the 2,200 databases that the IRS uses to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches.
Nor has the IRS fully implemented its plans to complete vulnerability scans of its databases — although the IRS spent more than $1.1 million in software licenses and support costs for a database vulnerability scanning and compliance assessment tool, it did not fully implement it. TIGTA used database vulnerability assessment software to conduct remote scans of the primary databases for 13 applications supporting critical tax administration business processes. Its review found high and medium risk vulnerabilities, as classified by the scanning tool in each of the 13 databases. [TIGTA via TaxProf]